In the past years, there has been a strong move in the field of computing services towards usage of virtualization technologies. Virtualization allows the running of unmodified legacy applications on hardware platforms. This is realized through on-the-fly translation from one hardware instruction set to another with the assistance of a so-called hypervisor or Virtual Machine Monitor (VMM). A VMM runs in a so called “most privileged mode” in a computer system running a virtual machine and has full control over vital system resources. A VMM-based system does not only allow instruction translation, but increased system utilization as multiple Virtual Machines (VMs) can run simultaneously on a single powerful hardware platform, opening for different business models. This implies, for example, that existing services can rather easily be migrated into large computing clusters, often referred to as “the cloud”.
One drawback of this new flexibility is that it creates increased security risks. Systems which previously were physically isolated from each other, might run on the same machine which may entail unwanted interaction beyond control between VMs running simultaneously on the same hardware. Further, the VMM is exposed to threats both from external and internal sources. If the VMM is compromised this could affect the whole system.
Examples of VMM solutions are VMW are, Xen and KVM. Differences in underlying technology of the VMMs provides differences in the operation and performance of for example the above mentioned VMMs.
VMW are is a VMM with the ability of running directly on server hardware without requiring an additional underlying operating system. VMware software provides a completely virtualized set of hardware to the guest operating system and uses the CPU to run code directly whenever possible and a dynamic re-write code process called “binary translation” when the code needs to be migrated to a different CPU architecture.
Xen is a VMM that allows several guest operating systems to execute on the same computer hardware concurrently. On most CPUs, Xen uses a form of virtualization known as paravirtualization, meaning that guests run a modified operating system using a special hypercall API instead of certain architectural features.
KVM (Kernel-based Virtual Machine) is a VMM that uses the Linux operating system's kernel in order to virtualize a system, which gives good performance since user-space drivers can be avoided.
Many virtual machine platforms have a Trusted Platform Module (TPM), which is a special purpose hardware module. The TPM enables secure generation of cryptographic keys, protected computation and shielded storage. The TPM includes capabilities such as Remote attestation, Binding and Sealing. Remote attestation creates a secure signature over the current platform configuration in the form of signed hash values. This allows a remote third party to verify if trusted or untrusted software has been installed on the platform. Binding and sealing enables the usage of a particular private unique RSA (Rivest, Shamir and Adleman) key to be restricted to a certain platform state. The state is determined through the current values in the so-called Platform Configuration Registers (PCRs) in the TPM. The PCRs stores hash values of the software blocks that have been loaded into the platform. The RSA key is a private and public key pair is generated within the TPM or transferred to the TPM at production. The public RSA key may be used by third parties to Encrypt data such that access (through restricted usage of the corresponding private key) to the data is restricted to the platform being in the configuration in which the binding key was created. The TPM is further disclosed in “Trusted Platform Module overview”, released by Trusted Computing Group (http://www.trustedcomputinggroup.org).
Virtualization technologies as such can provide secure isolation and protect different VMs that run on a shared platform while being isolated from each other, but the isolation as well as other security properties of the system can only be guaranteed as long as a trusted VMM version is in use and trusted VMM configurations are in place.
From the view of a service provider, who runs services as VMs on virtual platforms, the provider would like to be ensured that virtualization software and configurations of the platforms are trusted and that a particular service (in the form of a VM) is bound to run only on the trusted platform with the trusted configurations.
In previously known virtual machine systems it is not certain that all security critical component including the VMM are trusted prior to launching a service or provisioning a virtual machine on a platform.